Comparison and integration guidelines of open-source and cloud single sign-on (SSO) solutions in DHIS2

This abstract has been accepted at the 2024 DHIS2 Annual Conference



DHIS2’s access control and user authentication can be challenging to manage, especially when the goal is to improve security and simplify the user experience, and there is a lack of clear guidelines for comparing open-source solutions with single sign-on techniques. To meet specific requirements and scalability needs, we list recommendations for comparing and integrating open-source solutions with DHIS2, including well-known tools like Shibboleth, FreeIPA, and Keycloak, as well as cloud-based identity management systems like Azure Active Directory, Okta, and AWS Cognito.

In contrast to identity services hosted in the cloud, open-source solutions such as Keycloak provide advantages in terms of expenses, transparency, autonomy, and adaptability. They are financially practical because they allow organizations to improve user data accuracy, audit security, and modify authentication protocols. Because of its strong features, community support, easy DHIS2 integration, and adherence to open-source ideals, Keycloak is being implemented. Keycloak has been set up with DHIS2 in order to carry out the necessary configurations. After the initial steps, further work is needed to enable seamless integration, such as fine-tuning the configuration and resolving any implementation-related issues.

What is Single Sign-On (SSO)?

SSO is an identification method that allows a user with a single set of credentials to log in or have access to multiple applications or websites. Think of it like having a key that can unlock several doors. SSO works with three parties. The principal is the user. The user's request goes to a Service Provider (SP), which is like a vendor providing solutions and services to the user, e.g. apps or websites. Before granting access, the SP needs to validate that the user is legitimate by using an Identity Service Provider (IdP), a system that creates, manages, maintains and authenticates users.
Advantages of SSO

Stronger passwords: With SSO, users need to create, remember, and use only one stronger password.

Multi-factor authentication: SSO allows for the use of multiple identity factors, such as a USB device or smartphone code, to authenticate a user.

Reduces password recovery time: SSO reduces time spent on password recovery and user sign-ins, potentially increasing business productivity.

Primary Author: Ivy Jeptoo


Keywords:
keycloak, identity provider, open-source
